FROM debian:bookworm

# 1. 配置 Debian 官方源（中科大镜像）和树莓派源
RUN echo "deb http://mirrors.ustc.edu.cn/debian bookworm main contrib non-free" > /etc/apt/sources.list && \
    echo "deb http://mirrors.ustc.edu.cn/debian bookworm-updates main contrib non-free" >> /etc/apt/sources.list && \
    echo "deb http://mirrors.ustc.edu.cn/debian-security bookworm-security main contrib non-free" >> /etc/apt/sources.list && \
    # 树莓派源暂时注释，避免 update 时校验失败
    echo "# deb http://mirrors.ustc.edu.cn/raspbian/raspbian/ bookworm main" > /etc/apt/sources.list.d/raspi.list

RUN rm -rf /etc/apt/sources.list.d/debian*

# 2. 仅更新 Debian 源，安装 gnupg（此时树莓派源被注释，不会校验）
RUN apt-get update --allow-unauthenticated && \
    apt-get install -y --allow-unauthenticated gnupg && \
    rm -rf /var/lib/apt/lists/*

# 3. 启用树莓派源，导入密钥
RUN sed -i 's/^# deb/deb/' /etc/apt/sources.list.d/raspi.list && \
    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9165938D90FDDD2E

# 4. 更新所有源并安装依赖
RUN apt-get update && \
    apt-get install -y \
    build-essential \
    gdb \
    gdbserver \
    lldb \
    strace \
    python3 \
    valgrind \
    gcc \
    g++ \
    ccache \
    cmake \
    git \
    cmake \
    dos2unix \
    vim \
    ninja-build \
    libssl-dev \
    libprotobuf-dev \
    protobuf-compiler \
    libmariadb-dev-compat \
    libmariadb-dev \
    libmysqlcppconn-dev \
    openssh-server \
    openssh-client \
    iputils-ping \
    telnet \
    net-tools \
    iproute2 \
    dnsutils \
    curl \
    wget \
    procps \
    htop \
    sysstat \
    lsof \
    sudo \
    && rm -rf /var/lib/apt/lists/*

# 5. 创建超级用户bingle并赋予root权限
RUN useradd -m -s /bin/bash bingle && \
    echo 'bingle:1' | chpasswd && \
    usermod -aG sudo bingle && \
    echo 'bingle ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers

# 5. 配置SSH服务
RUN mkdir /var/run/sshd && \
    echo 'root:1' | chpasswd && \
    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
    sed -i 's/#Port 22/Port 22/' /etc/ssh/sshd_config && \
    sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config

# 6. 暴露SSH端口
EXPOSE 22

# 7. 启动SSH服务（通过脚本保持容器运行）
# RUN echo '#!/bin/bash\nservice ssh start\nbash' > /root/start.sh && \
    # chmod +x /root/start.sh

WORKDIR /root

CMD ["/usr/sbin/sshd", "-D"]

# 构建镜像
# Powershell窗口:
# $env:BUILDKIT_CPU_QUOTA=400000
# $env:BUILDKIT_MEMORY_LIMIT=8g
# Command 窗口:
# set BUILDKIT_CPU_QUOTA=400000
# set BUILDKIT_MEMORY_LIMIT=8g
# docker build --platform=linux/arm64 -t rasp_dev_image .
# 创建容器
# docker run --cpus 4 --memory 8g -d -it -v d:\work:/root/work -p 2222:22 --platform linux/arm64 --name rasp_dev_container --restart always rasp_dev_image
# docker run --privileged --security-opt seccomp=unconfined --security-opt apparmor=unconfined -d -v /root/work:/root/work -p 2222:22 --platform linux/arm64 --name rasp_dev_container rasp_dev_image
# 再次进入
# docker exec -it rasp_dev_container bash
# 镜像保存 
# docker save -o /path/to/rasp_dev_container.tar rasp_dev_container:latest
# 镜像加载
# docker load -i /path/to/rasp_dev_container.tar
# 容器守护
# docker update --restart=always rasp_dev_container
